
make RPTs optionally expire, closes #794

pull/708/merge
Justin Richer 10 years ago
parent
commit
ed7799b54a
  1. 16
      openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
  2. 13
      openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java

16
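--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@@ -49,6 +49,8 @@ public class ConfigurationPropertiesBean {
 private String logoImageUrl;
 private Long regTokenLifeTime;
+private Long rqpTokenLifeTime;
 private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
@@ -131,6 +133,20 @@ public class ConfigurationPropertiesBean {
 this.regTokenLifeTime = regTokenLifeTime;
 }
+/**
+* @return the rqpTokenLifeTime
+*/
+public Long getRqpTokenLifeTime() {
+return rqpTokenLifeTime;
+}
+/**
+* @param rqpTokenLifeTime the rqpTokenLifeTime to set
+*/
+public void setRqpTokenLifeTime(Long rqpTokenLifeTime) {
+this.rqpTokenLifeTime = rqpTokenLifeTime;
+}
 public boolean isForceHttps() {
 return forceHttps;
 }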
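Review bot: The new `rqpTokenLifeTime` field has no initial value, and the Javadoc on its getter and setter states neither the unit nor what an unset value means, so a deployment that never configures it gets `null`. Judging by the DefaultUmaTokenService change in this same commit, the value is multiplied by 1000 to get milliseconds and `null` leaves the RPT without an expiration. That contract belongs on the accessor, e.g. `@return the RPT lifetime in seconds, or null if issued RPTs should not expire`. Because a non-expiring bearer token is the riskier default, consider giving the field a finite default and making "never expire" an explicit opt-in.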

13
openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java

@ -17,6 +17,7 @@
package org.mitre.uma.service.impl; package org.mitre.uma.service.impl;
import java.util.Date;
import java.util.UUID; import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
@ -57,7 +58,7 @@ public class DefaultUmaTokenService implements UmaTokenService {
private ClientDetailsEntityService clientService; private ClientDetailsEntityService clientService;
@Autowired @Autowired
private ConfigurationPropertiesBean configBean; private ConfigurationPropertiesBean config;
@Autowired @Autowired
private JWTSigningAndValidationService jwtService; private JWTSigningAndValidationService jwtService;
@ -81,9 +82,17 @@ public class DefaultUmaTokenService implements UmaTokenService {
JWTClaimsSet claims = new JWTClaimsSet(); JWTClaimsSet claims = new JWTClaimsSet();
claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
claims.setIssuer(configBean.getIssuer()); claims.setIssuer(config.getIssuer());
claims.setJWTID(UUID.randomUUID().toString()); claims.setJWTID(UUID.randomUUID().toString());
if (config.getRqpTokenLifeTime() != null) {
Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L);
claims.setExpirationTime(exp);
token.setExpiration(exp);
}
JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims); SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);
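Review bot: The expiry block added after `claims.setJWTID(...)` checks the configured lifetime only for null, so a zero or negative `rqpTokenLifeTime` yields an RPT whose `exp` is already at or before the issue time. A very large value can also overflow the `* 1000L` multiplication and wrap the date. Read the setting once, `Long lifetime = config.getRqpTokenLifeTime();`, and treat a non-positive or absurdly large value as a configuration error instead of letting it through. When the property is unset the token goes out with no `exp` claim, leaving resource servers only introspection or revocation to bound its life; a short comment such as `// no configured lifetime: RPT is issued without an exp claim` would make that intent visible. The enclosing method and the `token` variable start outside this hunk.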
